I am trying to protect against a client that has somehow ended up in an infinite loop with no sleep or delay, and this client is calling ldap_search thousands of times a second. Just one unruly or demanding client can adversely affect service to all other clients.
Is there a way to configure slapd to prevent a single connection from consuming less than half of the thread pool, or any other resources (e.g., CPU, socket connections, etc.)? Ken R. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Howard Chu Sent: Tuesday, February 07, 2006 6:34 PM To: Kurt D. Zeilenga Cc: Ramseyer, Ken; [email protected] Subject: Re: Protecting a slapd Server from Excessive Client Queries Kurt D. Zeilenga wrote: > At 11:27 AM 2/7/2006, Ramseyer, Ken wrote: > >> Can OpenLDAP (slapd) be protected from a runaway client process that >> repeatedly calls ldap_search thousands of times a second? >> > > IIRC, slapd(8) will attempt to prevent a single connection to consume > more than half thread pool. Of course, client which consumes half the > thread pool for even short periods of time can adversely affect > service to other clients. > > Beyond this, no other slapd(8) features come to mind. > And of course, a moderately powerful machine can easily service thousands of searches per second. So the other question is, what are you really trying to protect against? -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc OpenLDAP Core Team http://www.openldap.org/project/
